Microsoft is continuing to show off new features coming in its Internet Explorer 10 Web browser, with a couple of posts describing its touch-friendly Metro interface and its enhanced security.
The current trend in browser design, led by Google Chrome, is to scale back the browser's interface so that it takes less and less of the screen, devoting more room to the Web content itself. Windows 8's Metro design similarly removes window chrome to put the focus on content.
Metro Internet Explorer 10 is the logical conclusion of this trend: most of the time it has no visible interface at all, leaving only the Web page visible. Its app bar, displayed by swiping from the top or bottom of the screen or right clicking the mouse, contains tabs, the address bar, and so on.
The Metro version of Internet Explorer feels slick and comfortable using both touch and mouse and keyboard interaction. Particular highlights are the tile-based favorites view and the tab thumbnails, both shown to good effect in Microsoft's post.
Internet Explorer 9 introduced some particularly taskbar-oriented features: support for pinning sites to the taskbar, and the ability for those pinned sites to create custom options in the Jump list. In Windows 8, sites can be pinned to the Start screen to make them instantly accessible. Sites pinned this way can even update their tile to show status notifications—much in the way that "real" apps can do. However, the Jump lists are tucked away, only available from within Internet Explorer.
One concern that this chromeless look raises is that of differentiaton; Metro-style versions of both Chrome and Firefox are being developed, and it's hard to see how they might look any different.
Security-wise, Internet Explorer 10 will include a new Enhanced Protected Mode. Protected Mode is the name Microsoft gives to its sandboxing technique. The current version, introduced in Internet Explorer 7 on Windows Vista, creates a separate, low-privilege process for running JavaScript and rendering HTML. This low-privilege process has no write access to most of the file system. This means that even if there is a security flaw in the browser, the attacker cannot write malware to the hard disk.
Sandbox protection of this kind isn't perfect—there are various techniques for escaping from the sandbox and increasing privileges—but it serves as another measure attackers have to defeat if they want to exploit users.
Enhanced Protected Mode further reduces the rights that each low-privilege process has: not only do they not have write permission to the file system, they also lose read permission. This makes the sandbox even harder to escape, but it comes at a cost: it breaks virtually all current plugins.
The Metro browser is already plugin-free, but the desktop browser is not. Enhanced Protected Mode won't be the default on the desktop (though this will be an option) to ensure that plugins remain compatible. If Enhanced Protected Mode is enabled, then any attempt to use an incompatible plugin will result in a prompt to disable the mode for that tab, to allow the plugin to work.
